YELLOW BEAR RECORDS
Legendary Records. Reborn.

Privacy Policy

1) Introduction and Controller Information

1.1

We are pleased that you are visiting our website and thank you for your interest in our company and our services. In the following, we inform you about the processing of your personal data when using our website. Personal data means any information relating to an identified or identifiable natural person.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Yellow Bear Records GmbH
Groß-Nabas-Str. 9
81827 Munich
Germany

Phone: +49 (0)89 12126142
Email: info@yellowbearrecords.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.


2) Data Collection When Visiting Our Website

2.1 Server Log Files

When you use our website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called “server log files”).

When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • The website visited
  • Date and time of access
  • Amount of data transferred (in bytes)
  • Source/reference from which you reached the website
  • Browser used
  • Operating system used
  • IP address used (where applicable in anonymized form)

Processing is carried out in accordance with Article 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

The data will not be disclosed or used for any other purpose. However, we reserve the right to subsequently review the server log files if there are specific indications of unlawful use.

2.2 SSL/TLS Encryption

For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries submitted to the controller), this website uses SSL or TLS encryption.

You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser’s address bar.


3) Hosting and Content Delivery Network (CDN)

For the hosting of our website and the presentation of its content, we use a service provider that performs its services itself or through carefully selected subcontractors exclusively on servers located within the European Union.

All data collected on our website is processed on these servers.

We have concluded a Data Processing Agreement (DPA) with the provider to ensure the protection of our website visitors’ data and to prohibit any unauthorized disclosure to third parties.


4) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device.

Some of these cookies are automatically deleted after you close your browser (so-called “session cookies”), while others remain on your device for a longer period and enable the storage of website settings (so-called “persistent cookies”). In the latter case, you can find information about the storage period in the cookie settings of your web browser.

If personal data is also processed by individual cookies used by us, such processing is carried out in accordance with Article 6(1)(b) GDPR for the performance of a contract, in accordance with Article 6(1)(a) GDPR on the basis of your consent, or in accordance with Article 6(1)(f) GDPR for the purposes of safeguarding our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and effective design of your visit to the website.

You can configure your browser to inform you whenever cookies are set and to allow you to decide individually whether to accept them, or to exclude the acceptance of cookies in certain cases or generally.

Please note that if you do not accept cookies, the functionality of our website may be limited.


5) Contacting Us

When you contact us (e.g. via a contact form or email), personal data is collected.

The specific data collected when using a contact form can be seen from the respective contact form itself. This data is stored and used exclusively for the purpose of responding to your inquiry, contacting you, and the associated technical administration.

The legal basis for processing this data is our legitimate interest in responding to your inquiry pursuant to Article 6(1)(f) GDPR.

If your contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

Your data will be deleted after your inquiry has been conclusively processed. This is the case when it can be inferred from the circumstances that the matter in question has been finally clarified and provided that no statutory retention obligations prevent deletion.


6) Use of Customer Data for Direct Marketing

Email Newsletter for Existing Customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers by email for products or services from our range that are similar to those you have already purchased.

In accordance with Section 7(3) of the German Unfair Competition Act (UWG), we do not require separate consent from you for this purpose.

The processing of data is carried out exclusively on the basis of our legitimate interest in personalized direct marketing pursuant to Article 6(1)(f) GDPR.

If you initially objected to the use of your email address for this purpose, no emails will be sent by us.

You have the right to object at any time, with effect for the future, to the use of your email address for the aforementioned advertising purposes by notifying the controller named at the beginning of this Privacy Policy.

You will only incur transmission costs according to the basic rates applicable to your communication provider.

Upon receipt of your objection, the use of your email address for advertising purposes will cease immediately.


7) Data Processing for Order Handling

7.1 General Order Processing

To the extent necessary for the performance of a contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned shipping company and the commissioned financial institution in accordance with Article 6(1)(b) GDPR.

Where, under a corresponding contract, we owe you updates for goods with digital elements or digital products, we process the contact details you provided during the ordering process in order to inform you personally about such updates as part of our statutory information obligations pursuant to Article 6(1)(c) GDPR.

Your contact details will be used strictly for notifications concerning updates owed by us and will only be processed to the extent necessary for the respective information.

For the processing of your order, we also cooperate with the service providers listed below, who support us in whole or in part in the performance of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.


7.2 Use of Payment Service Providers

Apple Pay

If you choose the payment method Apple Pay, offered by Apple Distribution International, Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the Apple Pay function of your iOS, watchOS, or macOS device using a payment card stored in Apple Pay.

Apple Pay uses security features integrated into your device’s hardware and software to protect transactions. To authorize a payment, you must enter a code previously defined by you and verify your identity via Face ID or Touch ID.

For payment processing purposes, the information provided during the ordering process together with information relating to your order is transmitted to Apple in encrypted form. Apple then re-encrypts this data using a developer-specific key before transmitting it to the payment service provider of the payment card stored in Apple Pay.

The encryption ensures that only the website through which the purchase was made can access the payment data.

After the payment has been completed, Apple sends your device account number and a transaction-specific dynamic security code to the originating website in order to confirm successful payment.

Where personal data is processed in connection with the aforementioned transmissions, such processing is carried out exclusively for payment processing purposes pursuant to Article 6(1)(b) GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and information as to whether the transaction was successfully completed. Due to anonymization, any personal reference is completely excluded.

Apple uses anonymized data to improve Apple Pay and other Apple products and services.

If you use Apple Pay on an iPhone or Apple Watch to complete a purchase initiated through Safari on a Mac, the Mac and the authorization device communicate through an encrypted channel via Apple servers. Apple neither processes nor stores this information in a format that identifies you personally.

You can disable the ability to use Apple Pay on your Mac by opening your iPhone settings, selecting Wallet & Apple Pay, and disabling Allow Payments on Mac.

Further information on Apple Pay privacy practices can be found at:

https://support.apple.com/


Google Pay

If you choose Google Pay, provided by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland (“Google”), payment processing is carried out via the Google Pay application on your NFC-enabled mobile device running at least Android 4.4 (“KitKat”).

To authorize payments exceeding EUR 25.00, your mobile device must first be unlocked using the verification method configured on your device (e.g., facial recognition, password, fingerprint, or pattern).

For payment processing purposes, the information provided during the ordering process together with information relating to your order is transmitted to Google.

Google then transmits your payment information stored in Google Pay to the originating website in the form of a unique transaction number used to verify successful payment.

This transaction number contains no information about the actual payment data of your payment method stored in Google Pay. Instead, it is generated and transmitted as a one-time numerical token.

For all transactions processed via Google Pay, Google acts solely as an intermediary for payment processing.

The transaction itself is carried out exclusively between the user and the originating website through the payment method stored in Google Pay.

Where personal data is processed in connection with the aforementioned transmissions, such processing is carried out exclusively for payment processing purposes pursuant to Article 6(1)(b) GDPR.

Google may collect, store, and evaluate certain transaction-specific information, including:

  • Date, time, and amount of the transaction
  • Merchant location and description
  • Description of purchased goods or services
  • Photos attached to the transaction
  • Names and email addresses of buyer and seller
  • Payment method used
  • Description of the reason for the transaction
  • Promotional offers associated with the transaction

According to Google, such processing is carried out pursuant to Article 6(1)(f) GDPR based on its legitimate interest in proper accounting, transaction verification, and maintaining and improving Google Pay.

Google also reserves the right to combine transaction data with other information collected when using other Google services.

Google Pay Terms of Service and privacy information are available on Google’s websites.


Klarna

One or more online payment methods of the following provider are available on this website:

Klarna Bank AB
Sveavägen 46
111 34 Stockholm
Sweden

If you choose a payment method where payment is made in advance (e.g., credit card payment), your payment data provided during the ordering process (including name, address, payment card details, currency, and transaction number) as well as information relating to your order are transferred to Klarna pursuant to Article 6(1)(b) GDPR.

If you choose a payment method where Klarna assumes financial risk (e.g., invoice purchase, installment payments, or direct debit), you will be asked to provide additional personal information.

To safeguard our legitimate interest in assessing our customers’ creditworthiness, this information is transmitted to Klarna pursuant to Article 6(1)(f) GDPR for credit assessment purposes.

Klarna evaluates whether the selected payment option can be granted based on the personal data provided, together with other information such as shopping cart value, order history, and previous payment experience.

Credit reports may contain probability values (so-called score values). Where score values are included, they are based on scientifically recognized mathematical-statistical procedures.

You may object to this processing at any time. However, Klarna may still be entitled to process your personal data where this is necessary for contractual payment processing.


PayPal

One or more online payment methods of the following provider are available on this website:

PayPal (Europe) S.à r.l. et Cie, S.C.A.
22–24 Boulevard Royal
L-2449 Luxembourg

If you choose a payment method offered by PayPal where payment is made in advance, the payment data provided during the ordering process (including name, address, bank and payment card details, currency, and transaction number), as well as information relating to your order, will be transmitted to PayPal pursuant to Article 6(1)(b) GDPR.

The transfer of your data is carried out exclusively for the purpose of payment processing and only to the extent necessary for this purpose.

If you select a payment method where we provide services in advance, you may also be asked during the ordering process to provide certain personal information (such as first and last name, street address, postal code, city, date of birth, email address, telephone number, and, where applicable, information about an alternative means of payment).

To safeguard our legitimate interest in assessing your creditworthiness, this information may be transmitted to PayPal pursuant to Article 6(1)(f) GDPR for the purpose of a credit assessment.

PayPal evaluates, based on the personal data you provide as well as additional information (such as shopping cart value, invoice amount, order history, and previous payment experience), whether the selected payment option can be granted with regard to payment and default risks.

Credit reports may contain probability values (“score values”). Where score values are included in the result of a credit assessment, they are based on scientifically recognized mathematical-statistical procedures. Address data may be included in the calculation of such score values.

You may object to this processing of your data at any time by notifying either us or PayPal. However, PayPal may still be entitled to process your personal data where such processing is necessary for contractual payment processing.


Stripe

One or more online payment methods of the following provider are available on this website:

Stripe Payments Europe Ltd.
1 Grand Canal Street Lower
Grand Canal Dock
Dublin
Ireland

If you choose a payment method where payment is made in advance (such as credit card payment), the payment data provided during the ordering process (including name, address, payment card details, currency, and transaction number), together with information relating to your order, will be transmitted to Stripe pursuant to Article 6(1)(b) GDPR.

The transfer of your data takes place exclusively for the purpose of payment processing and only to the extent required for this purpose.

If you choose a payment method where Stripe assumes financial risk (e.g., invoice purchase, installment payments, or direct debit), you may be asked to provide additional personal information during the ordering process.

To safeguard our legitimate interest in assessing the creditworthiness of our customers, such information may be transmitted to Stripe pursuant to Article 6(1)(f) GDPR for credit assessment purposes.

Stripe evaluates, on the basis of the personal data provided by you and additional information such as shopping cart value, invoice amount, order history, and previous payment experience, whether the selected payment option can be granted in view of payment and default risks.

Credit assessments may include probability values (“score values”), which are based on scientifically recognized mathematical-statistical methods. Address information may be taken into account when calculating score values.

You may object to this processing at any time. However, Stripe may continue to process your personal data where such processing is required for contractual payment processing.


7.3 Electronic Withdrawal Function for Distance Selling Contracts

Consumers who conclude contracts on this website that are subject to a statutory right of withdrawal have the option of exercising their withdrawal rights via an electronic withdrawal function in accordance with the applicable withdrawal provisions.

To provide this electronic withdrawal function, we use a solution offered by:

Werner Witte / Witte Marketing
Zangberger Str. 2
84539 Ampfing
Germany

When using the withdrawal function, in addition to information required to identify the contract to be withdrawn from, further personal information such as the consumer’s first and last name and email address must be provided or confirmed.

This information is initially collected by the provider on the basis of our legitimate interest in a user-friendly, stable, and process-optimized solution pursuant to Article 6(1)(f) GDPR.

The information is then used to confirm receipt of the withdrawal declaration by email on our behalf and subsequently transmitted to us.

We process the transmitted information for the proper handling of the withdrawal pursuant to Article 6(1)(b) GDPR and Article 6(1)(c) GDPR on the basis of our statutory obligation to provide an electronic withdrawal function for consumer distance contracts involving payment obligations.

Information collected by the provider is routinely deleted after the withdrawal process has been completed, unless statutory retention obligations require longer storage.

We have concluded a Data Processing Agreement (DPA) with the provider to ensure the protection of data processed through the withdrawal function and to prevent unauthorized disclosure to third parties.


8) Web Analytics Services

Jetpack

This website uses the web analytics service provided by:

Automattic Inc.
60 29th Street #343
San Francisco, CA 94110-4929
USA

By means of cookies and/or comparable technologies (such as tracking pixels, web beacons, and algorithms used to read device and browser information), the service collects and stores pseudonymized visitor data, including information about the device used, such as IP addresses and browser information.

This information is used to perform statistical analyses of user behavior on our website and to create pseudonymized user profiles.

Among other things, this enables the analysis of movement patterns (so-called “heatmaps”), which show the duration of page visits and interactions with website content (e.g., text entries, scrolling, clicks, and mouse movements).

The pseudonymization generally excludes direct identification of individuals. No combination with other personal data collected in a non-pseudonymized form takes place.

All processing described above, particularly the storage of or access to information on the user’s device, is carried out only if you have given your explicit consent in accordance with Article 6(1)(a) GDPR.

You may revoke your consent at any time with future effect by disabling this service via the cookie consent tool provided on our website.

We have concluded a Data Processing Agreement (DPA) with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.

For transfers of personal data to the United States, the provider participates in the EU–US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.


9) Tools and Miscellaneous

Cookie Consent Tool

This website uses a so-called Cookie Consent Tool to obtain valid user consent for cookies and cookie-based applications that require consent.

The Cookie Consent Tool is displayed to users when they access the website in the form of an interactive user interface that allows users to grant consent for specific cookies and/or cookie-based applications by selecting corresponding options.

Through the use of this tool, all cookies and services requiring consent are only activated if the user has granted the relevant consent. This ensures that such cookies are only placed on the user’s device where consent has been given.

The tool uses technically necessary cookies to store your cookie preferences.

As a general rule, no personal data is processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or documenting cookie preferences, such processing is carried out pursuant to Article 6(1)(f) GDPR on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management and therefore in a legally compliant design of our website.

An additional legal basis for processing is Article 6(1)(c) GDPR.

As the controller, we are legally obliged to make the use of non-essential cookies dependent upon the user’s consent.

Where required, we have concluded a Data Processing Agreement (DPA) with the provider to ensure the protection of our website visitors’ data and to prohibit unauthorized disclosure to third parties.

Further information regarding the provider and configuration options of the Cookie Consent Tool can be found directly within the corresponding user interface on our website.


10) Rights of the Data Subject

10.1 Your Rights Under Data Protection Law

Under applicable data protection law, you have the following rights with regard to the processing of your personal data:

  • Right of access pursuant to Article 15 GDPR
  • Right to rectification pursuant to Article 16 GDPR
  • Right to erasure pursuant to Article 17 GDPR
  • Right to restriction of processing pursuant to Article 18 GDPR
  • Right to notification pursuant to Article 19 GDPR
  • Right to data portability pursuant to Article 20 GDPR
  • Right to withdraw consent pursuant to Article 7(3) GDPR
  • Right to lodge a complaint pursuant to Article 77 GDPR

10.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTERESTS FOLLOWING A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO SUCH PROCESSING AT ANY TIME WITH FUTURE EFFECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

If you exercise your right to object, we will cease processing the data concerned.

However, further processing may be reserved if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES.

You may exercise your right to object as described above.

If you exercise your right to object, we will stop processing your personal data for direct marketing purposes.


11) Retention Period of Personal Data

The duration for which personal data is stored is determined by the relevant legal basis, the purpose of processing, and—where applicable—the respective statutory retention period (for example, retention periods under commercial and tax law).

Where personal data is processed on the basis of your explicit consent pursuant to Article 6(1)(a) GDPR, such data will be stored until you withdraw your consent.

Where statutory retention periods apply to data processed within the framework of contractual or pre-contractual obligations pursuant to Article 6(1)(b) GDPR, such data will be routinely deleted after the retention periods have expired, provided that the data is no longer required for contract performance or contract initiation and/or we no longer have a legitimate interest in retaining it.

Where personal data is processed on the basis of Article 6(1)(f) GDPR, such data will be stored until you exercise your right to object pursuant to Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.

Where personal data is processed for direct marketing purposes on the basis of Article 6(1)(f) GDPR, such data will be stored until you exercise your right to object pursuant to Article 21(2) GDPR.

Unless otherwise stated in the specific information contained in this Privacy Policy regarding particular processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.


Version: 22 June 2026